Skip to main content
CVE-2015-8249 CRITICAL POC THREAT Emergency

The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 80.2%.

File Upload Zoho Desktop Central
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
80.2%
Threat
5.9
CVE-2017-11120 CRITICAL POC THREAT Emergency

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.4%.

Buffer Overflow Broadcom Bcm4355C0 Firmware Iphone Os Tvos
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
24.4%
Threat
4.2
CVE-2017-12814 CRITICAL POC Act Now

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Microsoft Perl
NVD
CVSS 3.0
9.8
EPSS
6.1%
CVE-2017-11121 CRITICAL POC Act Now

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Broadcom Denial Of Service Bcm4355C0 Firmware Iphone Os +1
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2017-10932 CRITICAL Act Now

All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.8% and no vendor patch available.

Zte Deserialization Apache RCE Java +6
NVD
CVSS 3.1
9.8
EPSS
13.8%
CVE-2017-12621 CRITICAL PATCH Act Now

During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Commons Jelly
NVD
CVSS 3.1
9.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy